upstream: in _ssh_order_hostkeyalgs() consider ECDSA curve type when

arranging the hostkey algorithms. AFAIK this code is unused in OpenSSH, but I
guess others are using it

based on GHPR387 from Pawel Jakub Dawidek

OpenBSD-Commit-ID: 4d462495ac0c40f7b7dd66178e0005b9b2128225
This commit is contained in:
djm@openbsd.org 2024-10-18 05:14:51 +00:00 committed by Damien Miller
parent d01ee7a88c
commit 0a1e75499e
No known key found for this signature in database
1 changed files with 15 additions and 10 deletions

View File

@ -1,4 +1,4 @@
/* $OpenBSD: ssh_api.c,v 1.31 2024/09/09 02:39:57 djm Exp $ */ /* $OpenBSD: ssh_api.c,v 1.32 2024/10/18 05:14:51 djm Exp $ */
/* /*
* Copyright (c) 2012 Markus Friedl. All rights reserved. * Copyright (c) 2012 Markus Friedl. All rights reserved.
* *
@ -532,7 +532,7 @@ _ssh_order_hostkeyalgs(struct ssh *ssh)
char *orig, *avail, *oavail = NULL, *alg, *replace = NULL; char *orig, *avail, *oavail = NULL, *alg, *replace = NULL;
char **proposal; char **proposal;
size_t maxlen; size_t maxlen;
int ktype, r; int ktype, nid, r;
/* XXX we de-serialize ssh->kex->my, modify it, and change it */ /* XXX we de-serialize ssh->kex->my, modify it, and change it */
if ((r = kex_buf2prop(ssh->kex->my, NULL, &proposal)) != 0) if ((r = kex_buf2prop(ssh->kex->my, NULL, &proposal)) != 0)
@ -551,15 +551,20 @@ _ssh_order_hostkeyalgs(struct ssh *ssh)
while ((alg = strsep(&avail, ",")) && *alg != '\0') { while ((alg = strsep(&avail, ",")) && *alg != '\0') {
if ((ktype = sshkey_type_from_name(alg)) == KEY_UNSPEC) if ((ktype = sshkey_type_from_name(alg)) == KEY_UNSPEC)
continue; continue;
nid = sshkey_ecdsa_nid_from_name(alg);
TAILQ_FOREACH(k, &ssh->public_keys, next) { TAILQ_FOREACH(k, &ssh->public_keys, next) {
if (k->key->type == ktype || if (k->key->type != ktype &&
(sshkey_is_cert(k->key) && k->key->type == (!sshkey_is_cert(k->key) ||
sshkey_type_plain(ktype))) { k->key->type != sshkey_type_plain(ktype)))
if (*replace != '\0') continue;
strlcat(replace, ",", maxlen); if (sshkey_type_plain(k->key->type) == KEY_ECDSA &&
strlcat(replace, alg, maxlen); k->key->ecdsa_nid != nid)
break; continue;
} /* Candidate */
if (*replace != '\0')
strlcat(replace, ",", maxlen);
strlcat(replace, alg, maxlen);
break;
} }
} }
if (*replace != '\0') { if (*replace != '\0') {